On Wed, Mar 28, 2012 at 11:12:30AM -0400, Frank Ch. Eigler wrote:
> Hi, Jiri -
> 
> > [...]
> > > [...] Upon a normal syscall entry to the kernel, not
> > > all user registers are saved explicitly for such easy retrieval. The
> > > others may be spilled to the stack by gcc during the various sys_*
> > > functions or elsewhere. [...]
> > 
> > Are you referring to x86_64 where only portion of registers
> > is stored by SAVE_ARGS macro? Seems like 32 bits stores the
> > whole pt_regs.
> 
> I believe that's the right area. I'm not sure even the 32-bit variant
> is complete enough, for example exempting MMX/SSE registers. These
> may also contain spilled registers before long.
> 
> > Generally you could need all the registers to start the unwind, but
> > I was assuming that for most cases the stack pointer and instruction
> > pointer should be enough.. but I might be wrong here.
> 
> Yeah; the question is how much is missed besides those "most cases".
> 
> > > To recover these registers at run time, we found that the kernel
> > > stack itself has to be partially unwound [... Without that, it ...]
> > > may accidentally pass garbage data to perf userspace. Correcting
> > > this could require a kernel-space libunwind.
> > 
> > AFAIK not going to happen any time soon ;)
> 
> Understood. Then the code needs to ensure that it does not purport to
> pass register values that it does not know. (Back when we were at
> this stage in systemtap, we got some reasonable backtraces even
> without kernel unwinding, ie. tolerating missing registers.)

Right.

I think in normal syscall case we save rdi, rsi, rdx, rax and rip.
If we take the syscall slow path we save rbx, rbp, r12-15.

Unfortunately we don't save rsp, which must be the most important
for cfi unwinding.

We probably need to check what is saved in irqs (set_irq_regs())
and exceptions as well.
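The point Frank raises (never report a register value the kernel did not actually save) and Jiri's register sets can be modelled in a few dozen lines. The following is an added example written for this page, not code from the thread, the kernel or perf: the enum, the bitmask layout, the struct names and the constructed values are all this example's own. The fast-path and slow-path masks follow the registers Jiri lists above; a validity mask travels with the snapshot, only masked registers are packed into the sample, and the consumer refuses to start a CFI unwind unless both sp and ip are present.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Register identifiers for the modelled x86_64 user-register snapshot.
 * Names follow the registers named in the thread; the enum, its order and
 * the bitmask layout are this example's own, not any kernel or perf ABI. */
enum reg_id {
    REG_RAX, REG_RBX, REG_RDX, REG_RSI, REG_RDI, REG_RBP, REG_RSP,
    REG_R12, REG_R13, REG_R14, REG_R15, REG_RIP, REG_COUNT
};

#define REG_BIT(r) (1ull << (r))

/* Assumed from the thread: registers explicitly saved on a normal syscall
 * entry (fast path) and the extra ones saved when the slow path is taken. */
#define FAST_PATH_MASK (REG_BIT(REG_RDI) | REG_BIT(REG_RSI) | REG_BIT(REG_RDX) | \
                        REG_BIT(REG_RAX) | REG_BIT(REG_RIP))
#define SLOW_PATH_MASK (FAST_PATH_MASK | REG_BIT(REG_RBX) | REG_BIT(REG_RBP) | \
                        REG_BIT(REG_R12) | REG_BIT(REG_R13) | \
                        REG_BIT(REG_R14) | REG_BIT(REG_R15))

/* Minimum a CFI unwinder needs to start: stack pointer and instruction pointer. */
#define CFI_REQUIRED_MASK (REG_BIT(REG_RSP) | REG_BIT(REG_RIP))

/* What the kernel side holds: a validity mask plus one slot per register.
 * Slots whose bit is clear in 'valid' contain whatever was there before
 * (stale stack contents in the scenario below) and must never be emitted. */
struct reg_snapshot {
    uint64_t valid;
    uint64_t val[REG_COUNT];
};

/* What gets handed to userspace: only the registers the kernel knows,
 * packed in ascending reg_id order, plus the mask that says which. */
struct reg_sample {
    uint64_t mask;
    uint64_t regs[REG_COUNT];
    size_t nregs;
};

/* Pack only the captured registers; unknown slots never reach the sample.
 * Returns the number of registers emitted. */
size_t pack_known_regs(const struct reg_snapshot *snap, struct reg_sample *out)
{
    out->mask = snap->valid;
    out->nregs = 0;
    for (int r = 0; r < REG_COUNT; r++)
        if (snap->valid & REG_BIT(r))
            out->regs[out->nregs++] = snap->val[r];
    return out->nregs;
}

/* 1 if the sample carries sp and ip, 0 if an unwinder should refuse to start. */
int can_start_cfi_unwind(const struct reg_sample *s)
{
    return (s->mask & CFI_REQUIRED_MASK) == CFI_REQUIRED_MASK;
}

/* Consumer-side lookup: returns the value and sets *found = 1, or sets
 * *found = 0 and returns 0 when the register was not captured. */
uint64_t sample_reg(const struct reg_sample *s, enum reg_id r, int *found)
{
    if (!(s->mask & REG_BIT(r))) {
        *found = 0;
        return 0;
    }
    /* Position in the packed array = number of captured registers below r. */
    size_t idx = 0;
    for (int i = 0; i < (int)r; i++)
        if (s->mask & REG_BIT(i))
            idx++;
    *found = 1;
    return s->regs[idx];
}

/* Constructed scenario: a fast-path syscall entry whose unsaved slots still
 * hold stale data. Returns can_start_cfi_unwind() for the packed sample,
 * which is 0 here because rsp was never saved; the stale rsp slot is not
 * reported to the consumer at all. */
int fast_path_demo(void)
{
    struct reg_snapshot snap = { .valid = FAST_PATH_MASK };
    memset(snap.val, 0xAB, sizeof snap.val);       /* stale garbage everywhere */
    snap.val[REG_RIP] = 0x401000;                  /* constructed values */
    snap.val[REG_RAX] = 1;
    snap.val[REG_RDI] = 2;

    struct reg_sample s;
    pack_known_regs(&snap, &s);
    return can_start_cfi_unwind(&s);
}
```

The design choice worth noting is that the mask is the only source of truth: the consumer never indexes a register by its raw slot, so stale kernel-stack contents in an unsaved slot cannot be mistaken for a value, and an unwinder sees "rsp unknown" rather than a plausible-looking garbage pointer.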